Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/25971d51-503d-4ce0-844c-63e4561fe1f2.roa
File:                     25971d51-503d-4ce0-844c-63e4561fe1f2.roa (raw, json)
Hash identifier:          NU4DGtAmgfXyafR31tzO+UujHNpb+BdAnKJiMHz1Xc0=
Subject key identifier:   4C:6A:A5:36:57:07:74:C3:57:5C:93:E6:1F:01:3C:37:2A:87:5B:C9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6EAC0CFD391ED0999A6510A85CDDE434706786B1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/25971d51-503d-4ce0-844c-63e4561fe1f2.roa
Signing time:             Fri 09 Jun 2023 00:00:00 +0000
ROA not before:           Fri 09 Jun 2023 00:00:00 +0000
ROA not after:            Mon 12 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:ac:0c:fd:39:1e:d0:99:9a:65:10:a8:5c:dd:e4:34:70:67:86:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  9 00:00:00 2023 GMT
            Not After : Jun 12 23:59:59 2023 GMT
        Subject: serialNumber=136584f0d225631fb4095ef01b02bb38de2d5aac1f7e5164d625c190742fa546, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0c:f3:a8:58:2d:1d:f8:3e:25:73:2e:02:eb:
                    a0:af:90:ce:32:90:49:ab:68:99:8d:67:19:74:95:
                    78:45:14:50:d1:8b:3c:c3:18:fa:1e:01:9d:3f:99:
                    65:e0:9e:e3:6f:97:ca:f2:08:e9:ab:12:1e:1e:5c:
                    9e:e4:d6:3a:31:4a:5c:b2:45:09:e1:54:b9:6a:6e:
                    11:ce:54:cf:c2:19:b9:dc:c8:26:22:62:eb:69:14:
                    da:a2:99:4b:96:ac:d5:c5:42:a6:70:fa:8c:00:86:
                    d2:da:41:0c:a6:e5:a7:ff:3e:11:45:45:48:4e:75:
                    fc:eb:2e:6a:f4:f7:22:08:9a:20:b7:bc:03:24:b9:
                    23:21:58:3a:cd:ab:bf:39:62:54:b1:d1:94:02:2d:
                    d9:38:90:8a:99:fd:74:65:38:8f:94:29:d9:95:46:
                    95:0d:bb:d8:05:5e:66:f3:e2:01:3b:3b:f8:41:47:
                    d0:68:cf:9a:7d:96:36:b7:b0:3d:b0:0e:ae:f0:54:
                    51:a9:2e:28:c9:46:f0:d1:63:1e:51:03:7f:ec:01:
                    d3:e6:6d:12:f5:ad:9c:10:d0:d7:e1:7c:f6:46:65:
                    46:69:d2:80:56:70:41:04:ac:77:4a:2c:c6:c2:bb:
                    25:4c:77:45:a1:81:cf:9c:be:52:e4:88:cb:73:c5:
                    be:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6A:A5:36:57:07:74:C3:57:5C:93:E6:1F:01:3C:37:2A:87:5B:C9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/25971d51-503d-4ce0-844c-63e4561fe1f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:e6:33:e4:ec:46:ac:69:be:0b:25:ef:37:91:81:31:23:80:
         28:40:a4:53:09:3c:0b:e1:fa:e9:94:ef:2b:1f:81:3f:9d:58:
         95:1c:ca:8f:5d:1d:94:36:84:e3:a0:8d:b1:66:73:5d:83:42:
         cf:3c:97:ca:db:db:77:d0:24:7a:db:4e:42:16:d1:c5:65:7f:
         6e:04:a0:5a:ba:38:35:ee:c9:f1:49:d1:81:ef:e5:47:de:5d:
         bc:9d:6d:6b:4e:e6:cf:e2:ec:01:68:72:f2:f4:63:98:84:88:
         8c:66:4d:f2:f4:04:05:45:45:54:cd:81:e4:03:07:8f:68:ca:
         27:2e:c7:15:e4:76:42:53:a8:af:e3:9d:55:0f:f5:f5:67:aa:
         dc:06:c6:9b:d1:bb:26:2a:0a:25:26:04:4c:5a:37:30:a5:22:
         98:69:b7:49:04:c7:c1:81:15:3a:fc:a3:a4:7f:73:77:cb:d6:
         ee:79:8c:62:45:82:78:44:42:02:39:ea:c4:e9:90:6b:11:bf:
         28:18:37:67:e8:26:02:f4:19:f7:cc:71:8e:7d:a5:07:26:33:
         3b:28:6c:26:a1:9e:5b:0b:f8:b1:b0:d9:1d:77:83:4a:01:14:
         48:a8:c6:11:79:66:ce:05:40:56:9b:b6:3b:3c:1b:2b:3f:38:
         d1:12:5d:e3
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUbqwM/Tke0JmaZRCoXN3kNHBnhrEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA5MDAwMDAwWhcNMjMwNjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzY1ODRmMGQyMjU2MzFmYjQwOTVlZjAxYjAyYmIzOGRl
MmQ1YWFjMWY3ZTUxNjRkNjI1YzE5MDc0MmZhNTQ2MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvDPOoWC0d+D4lcy4C66CvkM4ykEmraJmNZxl0lXhFFFDR
izzDGPoeAZ0/mWXgnuNvl8ryCOmrEh4eXJ7k1joxSlyyRQnhVLlqbhHOVM/CGbnc
yCYiYutpFNqimUuWrNXFQqZw+owAhtLaQQym5af/PhFFRUhOdfzrLmr09yIImiC3
vAMkuSMhWDrNq785YlSx0ZQCLdk4kIqZ/XRlOI+UKdmVRpUNu9gFXmbz4gE7O/hB
R9Boz5p9lja3sD2wDq7wVFGpLijJRvDRYx5RA3/sAdPmbRL1rZwQ0NfhfPZGZUZp
0oBWcEEErHdKLMbCuyVMd0Whgc+cvlLkiMtzxb45AgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUTGqlNlcHdMNXXJPmHwE8NyqHW8kwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzI1OTcxZDUxLTUwM2QtNGNlMC04NDRjLTYzZTQ1NjFmZTFmMi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAI5jPk7Eas
ab4LJe83kYExI4AoQKRTCTwL4frplO8rH4E/nViVHMqPXR2UNoTjoI2xZnNdg0LP
PJfK29t30CR6205CFtHFZX9uBKBaujg17snxSdGB7+VH3l28nW1rTubP4uwBaHLy
9GOYhIiMZk3y9AQFRUVUzYHkAwePaMonLscV5HZCU6iv451VD/X1Z6rcBsab0bsm
KgolJgRMWjcwpSKYabdJBMfBgRU6/KOkf3N3y9bueYxiRYJ4REICOerE6ZBrEb8o
GDdn6CYC9Bn3zHGOfaUHJjM7KGwmoZ5bC/ixsNkdd4NKARRIqMYReWbOBUBWm7Y7
PBsrPzjREl3j
-----END CERTIFICATE-----